Linux vmi284606.contaboserver.net 4.15.0-213-generic #224-Ubuntu SMP Mon Jun 19 13:30:12 UTC 2023 x86_64
Apache/2.4.57 (Ubuntu)
: 167.86.127.34 | : 216.73.217.51
Cant Read [ /etc/named.conf ]
7.2.24-0ubuntu0.18.04.17
root
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
UNLOCK SHELL
HASH IDENTIFIER
README
+ Create Folder
+ Create File
/
var /
www /
html /
osticket /
upload /
[ HOME SHELL ]
Name
Size
Permission
Action
api
[ DIR ]
drwxr-xr-x
apps
[ DIR ]
drwxr-xr-x
assets
[ DIR ]
drwxr-xr-x
css
[ DIR ]
drwxr-xr-x
images
[ DIR ]
drwxr-xr-x
include
[ DIR ]
drwxr-xr-x
js
[ DIR ]
drwxr-xr-x
kb
[ DIR ]
drwxr-xr-x
pages
[ DIR ]
drwxr-xr-x
scp
[ DIR ]
drwxr-xr-x
account.php
4.94
KB
-rw-r--r--
ajax.php
1.8
KB
-rw-r--r--
avatar.php
1.06
KB
-rw-r--r--
bootstrap.php
14.98
KB
-rw-r--r--
captcha.php
611
B
-rw-r--r--
client.inc.php
2.91
KB
-rw-r--r--
file.php
2.33
KB
-rw-r--r--
index.php
2.28
KB
-rw-r--r--
login.php
5.55
KB
-rw-r--r--
logo.php
980
B
-rw-r--r--
logout.php
714
B
-rw-r--r--
main.inc.php
1.63
KB
-rw-r--r--
manage.php
2.36
KB
-rw-r--r--
offline.php
940
B
-rw-r--r--
open.php
2.97
KB
-rw-r--r--
profile.php
1.2
KB
-rw-r--r--
pwreset.php
2.95
KB
-rw-r--r--
secure.inc.php
1.14
KB
-rw-r--r--
tickets.php
5.77
KB
-rw-r--r--
view.php
1.55
KB
-rw-r--r--
web.config
2.15
KB
-rw-r--r--
Delete
Unzip
Zip
${this.title}
Close
Code Editor : tickets.php
<?php /********************************************************************* tickets.php Main client/user interface. Note that we are using external ID. The real (local) ids are hidden from user. Peter Rotich <peter@osticket.com> Copyright (c) 2006-2013 osTicket http://www.osticket.com Released under the GNU General Public License WITHOUT ANY WARRANTY. See LICENSE.TXT for details. vim: expandtab sw=4 ts=4 sts=4: **********************************************************************/ require('secure.inc.php'); if(!is_object($thisclient) || !$thisclient->isValid()) die('Access denied'); //Double check again. if ($thisclient->isGuest()) $_REQUEST['id'] = $thisclient->getTicketId(); require_once(INCLUDE_DIR.'class.ticket.php'); require_once(INCLUDE_DIR.'class.json.php'); $ticket=null; if($_REQUEST['id']) { if (!($ticket = Ticket::lookup($_REQUEST['id']))) { $errors['err']=__('Unknown or invalid ticket ID.'); } elseif(!$ticket->checkUserAccess($thisclient)) { $errors['err']=__('Unknown or invalid ticket ID.'); //Using generic message on purpose! $ticket=null; } } if (!$ticket && $thisclient->isGuest()) Http::redirect('view.php'); $tform = TicketForm::objects()->one()->getForm(); $messageField = $tform->getField('message'); $attachments = $messageField->getWidget()->getAttachments(); //Process post...depends on $ticket object above. if ($_POST && is_object($ticket) && $ticket->getId()) { $errors=array(); switch(strtolower($_POST['a'])){ case 'edit': if(!$ticket->checkUserAccess($thisclient) //double check perm again! || $thisclient->getId() != $ticket->getUserId()) $errors['err']=__('Access Denied. Possibly invalid ticket ID'); else { $forms=DynamicFormEntry::forTicket($ticket->getId()); $changes = array(); foreach ($forms as $form) { $form->filterFields(function($f) { return !$f->isStorable(); }); $form->setSource($_POST); if (!$form->isValidForClient(true)) $errors = array_merge($errors, $form->errors()); } } if (!$errors) { foreach ($forms as $form) { $changes += $form->getChanges(); $form->saveAnswers(function ($f) { return $f->isVisibleToUsers() && $f->isEditableToUsers(); }); } if ($changes) { $user = User::lookup($thisclient->getId()); $ticket->logEvent('edited', array('fields' => $changes), $user); $type = array('type' => 'edited', 'fields' => $changes); Signal::send('object.edited', $ticket, $type); } $_REQUEST['a'] = null; //Clear edit action - going back to view. } break; case 'reply': if(!$ticket->checkUserAccess($thisclient)) //double check perm again! $errors['err']=__('Access Denied. Possibly invalid ticket ID'); $_POST['message'] = ThreadEntryBody::clean($_POST['message']); if (!$_POST['message']) $errors['message'] = __('Message required'); if(!$errors) { //Everything checked out...do the magic. $vars = array( 'userId' => $thisclient->getId(), 'poster' => (string) $thisclient->getName(), 'message' => $_POST['message'] ); $vars['files'] = $attachments->getFiles(); if (isset($_POST['draft_id'])) $vars['draft_id'] = $_POST['draft_id']; if(($msgid=$ticket->postMessage($vars, 'Web'))) { $msg=__('Message Posted Successfully'); // Cleanup drafts for the ticket. If not closed, only clean // for this staff. Else clean all drafts for the ticket. Draft::deleteForNamespace('ticket.client.' . $ticket->getId()); // Drop attachments $attachments->reset(); $attachments->getForm()->setSource(array()); } else { $errors['err'] = sprintf('%s %s', __('Unable to post the message.'), __('Correct any errors below and try again.')); } } elseif(!$errors['err']) { $errors['err'] = __('Correct any errors below and try again.'); } break; default: $errors['err']=__('Unknown action'); } } elseif (is_object($ticket) && $ticket->getId()) { switch(strtolower($_REQUEST['a'])) { case 'print': if (!$ticket || !$ticket->pdfExport($_REQUEST['psize'])) $errors['err'] = __('Unable to print to PDF.') .' '.__('Internal error occurred'); break; } } $nav->setActiveNav('tickets'); if($ticket && $ticket->checkUserAccess($thisclient)) { if (isset($_REQUEST['a']) && $_REQUEST['a'] == 'edit' && $ticket->hasClientEditableFields()) { $inc = 'edit.inc.php'; if (!$forms) $forms=DynamicFormEntry::forTicket($ticket->getId()); // Auto add new fields to the entries foreach ($forms as $form) { $form->filterFields(function($f) { return !$f->isStorable(); }); $form->addMissingFields(); } } else $inc='view.inc.php'; } elseif($thisclient->getNumTickets($thisclient->canSeeOrgTickets())) { $inc='tickets.inc.php'; } else { $nav->setActiveNav('new'); $inc='open.inc.php'; } include(CLIENTINC_DIR.'header.inc.php'); include(CLIENTINC_DIR.$inc); print $tform->getMedia(); include(CLIENTINC_DIR.'footer.inc.php'); ?>
Close
